Threat Vectors Overview

Jul 23, 2025

Overview

This lecture explains threat vectors—methods attackers use to gain access to systems—and highlights common examples, techniques, and defenses against such attacks.

Threat Vectors Overview

  • A threat vector (or attack vector) is a method attackers use to gain unauthorized access to systems.
  • Attackers are always searching for new or unknown threat vectors to exploit vulnerabilities.

Messaging and Phishing Attacks

  • Messaging systems (email, SMS, instant messages) are common starting points for attacks.
  • Phishing uses deceptive messages to trick users into clicking malicious links or revealing personal information.
  • Attackers may embed malware or malicious links in messages and emails.
  • Social engineering tactics include fraudulent invoices and cryptocurrency scams sent via messaging.

File and Image-Based Threat Vectors

  • SVG is an XML-based image format, so a crafted image can carry embedded script (e.g., JavaScript) that a browser executes when it renders the file inline.
  • Files such as executables, PDFs, compressed archives (zip, rar), and office documents (with macros) can hide malware.
  • Browser add-ins or extensions may also serve as threat vectors.
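An added example (not part of the lecture notes) of the SVG point above: a Python check, using only the standard library, that flags script-capable content in an uploaded SVG before an application serves it inline. The element and attribute names are standard SVG; the two sample files are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Elements that let an SVG run script or embed arbitrary HTML when rendered inline.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
SCRIPT_SCHEMES = {"javascript", "vbscript"}

def local_name(tag: str) -> str:
    """Strip the namespace part from an ElementTree tag like '{uri}script'."""
    return tag.rsplit("}", 1)[-1]

def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return findings describing script-capable content in an SVG document.
    An empty list is not proof of safety: serve uploads as <img> or under a
    restrictive CSP as well, so nothing can execute even if a check is missed."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]  # reject rather than guess
    findings = []
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            aname = local_name(attr).lower()
            v = value.strip().lower()
            scheme = v.split(":", 1)[0] if ":" in v else ""
            if aname.startswith("on"):  # onload, onclick, ...: run on render or interaction
                findings.append(f"event handler {aname} on <{name}>")
            elif aname == "href" and scheme in SCRIPT_SCHEMES:
                findings.append(f"{scheme}: URL in href on <{name}>")
            elif aname == "href" and scheme == "data" and ("svg" in v or "html" in v):
                findings.append(f"nested markup in data: URL on <{name}>")  # can carry script
    return findings

def is_safe_to_inline(svg_bytes: bytes) -> bool:
    """Upload-pipeline gate: only inline SVGs that produced no findings."""
    return not find_active_content(svg_bytes)

# Constructed samples (not real files): a plain icon, and one that also carries the
# script-bearing constructs the lecture warns about, with the script kept inert.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4" fill="blue"/></svg>')
SCRIPTED_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="/* inert */">'
                b'<script>/* inert placeholder */</script>'
                b'<a xlink:href="javascript:void(0)"><text y="9">link</text></a></svg>')
```

The check is defence in depth, not a sanitizer: the reliable control is never rendering untrusted SVG inline (serve it as an `<img>` source or as a download), since an `<img>` context does not execute script.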

Phone and Voice-Based Attacks

  • Vishing is a voice phishing attack that uses phone calls to steal sensitive information.
  • Spam over IP (unsolicited calls pushed over VoIP) and war dialing use the telephone network to reach systems or disrupt them.

Removable Media and Hardware Threats

  • USB drives can deliver malware, or present themselves as keyboards and type commands into the host.
  • Removable media makes it easy to carry malicious files in or data out, which matters most on air-gapped networks that have no other path.

Software and Application Vulnerabilities

  • Keeping software up to date is crucial to patch security vulnerabilities.
  • Web-based and agentless systems concentrate risk: a compromise of the central server reaches every system it manages.
  • Unsupported systems (e.g., old operating systems) lack patches and are significant security risks.
  • Regular network scans are needed to identify and secure all devices.

Network Infrastructure and Wireless Threats

  • Network vulnerabilities can be exploited through outdated protocols or misconfigured devices.
  • Wireless threats include insecure Wi-Fi and Bluetooth implementations.
  • Open ports and services on servers increase attack surfaces, requiring firewall controls.
  • Default credentials on network devices are easily exploited if not changed.

Supply Chain and Third-Party Risks

  • Supply chain attacks introduce threats via compromised hardware or third-party contractors.
  • Managed Service Providers (MSPs) can be targeted, allowing attackers access to client systems.
  • Counterfeit hardware with embedded malware poses additional risks.

Key Terms & Definitions

  • Threat Vector — The method or pathway used by an attacker to enter or compromise a system.
  • Phishing — Deceptive attempts to acquire sensitive data by pretending to be a trustworthy entity.
  • Vishing — Voice phishing; using phone calls to trick individuals into giving up confidential data.
  • Social Engineering — Psychological manipulation to trick individuals into divulging confidential information.
  • Air-gapped Network — A network physically isolated from unsecured networks like the internet.
  • War Dialing — The process of dialing many phone numbers to find vulnerable modems or systems.
  • Default Credentials — Preset usernames and passwords installed on devices by manufacturers.
  • Supply Chain Attack — Compromise introduced through hardware, software, or service providers.

Action Items / Next Steps

  • Verify and update default credentials on all network devices.
  • Regularly update and patch all software and operating systems.
  • Periodically scan your network to identify unsupported or unknown systems.
  • Limit open ports and services, utilizing firewalls for protection.
  • Be vigilant about suspicious messages, files, and removable media.